diff --git a/example/.gitignore b/example/.gitignore new file mode 100644 index 0000000..4fcc7ec --- /dev/null +++ b/example/.gitignore @@ -0,0 +1,9 @@ +idp/idp_conf.py +idp2/idp.subject +idp2/idp_conf.py +sp/outstanding +sp/sp_conf.py +server.crt +server.csr +server.key +server.key.org diff --git a/example/idp2/idp.py b/example/idp2/idp.py index 2ab9374..7520b87 100755 --- a/example/idp2/idp.py +++ b/example/idp2/idp.py @@ -120,7 +120,7 @@ class Service(object): def operation(self, _dict, binding): logger.debug("_operation: %s" % _dict) - if not _dict: + if not _dict or not 'SAMLRequest' in _dict: resp = BadRequest('Error parsing request or no request') return resp(self.environ, self.start_response) else: @@ -335,8 +335,13 @@ class SSO(Service): self.req_info = _info["req_info"] del IDP.ticket[_key] except KeyError: - self.req_info = IDP.parse_authn_request(_info["SAMLRequest"], - BINDING_HTTP_REDIRECT) + try: + self.req_info = IDP.parse_authn_request(_info["SAMLRequest"], + BINDING_HTTP_REDIRECT) + except KeyError: + resp = BadRequest("Message signature verification failure") + return resp(self.environ, self.start_response) + _req = self.req_info.message if "SigAlg" in _info and "Signature" in _info: # Signed request @@ -547,8 +552,11 @@ class SLO(Service): if msg.name_id: lid = IDP.ident.find_local_id(msg.name_id) logger.info("local identifier: %s" % lid) - del IDP.cache.uid2user[IDP.cache.user2uid[lid]] - del IDP.cache.user2uid[lid] + if lid in IDP.cache.user2uid: + uid = IDP.cache.user2uid[lid] + if uid in IDP.cache.uid2user: + del IDP.cache.uid2user[uid] + del IDP.cache.user2uid[lid] # remove the authentication try: IDP.session_db.remove_authn_statements(msg.name_id) @@ -843,6 +851,19 @@ def metadata(environ, start_response): logger.error("An error occured while creating metadata:" + ex.message) return not_found(environ, start_response) +def staticfile(environ, start_response): + try: + path = args.path + if path is None or len(path) == 0: + path = os.path.dirname(os.path.abspath(__file__)) + if path[-1] != "/": + path += "/" + path += environ.get('PATH_INFO', '').lstrip('/') + start_response('200 OK', [('Content-Type', "text/xml")]) + return open(path, 'r').read() + except Exception as ex: + logger.error("An error occured while creating metadata:" + ex.message) + return not_found(environ, start_response) def application(environ, start_response): """ @@ -900,19 +921,40 @@ def application(environ, start_response): return func() return callback(environ, start_response, user) + if re.search(r'static/.*', path) is not None: + return staticfile(environ, start_response) return not_found(environ, start_response) # ---------------------------------------------------------------------------- +# allow uwsgi or gunicorn mount +# by moving some initialization out of __name__ == '__main__' section. +# uwsgi -s 0.0.0.0:8088 --protocol http --callable application --module idp + +args = type('Config', (object,), { }) +args.config = 'idp_conf' +args.mako_root = './' +args.path = None + +import socket +from idp_user import USERS +from idp_user import EXTRA +from mako.lookup import TemplateLookup + +AUTHN_BROKER = AuthnBroker() +AUTHN_BROKER.add(authn_context_class_ref(PASSWORD), + username_password_authn, 10, + "http://%s" % socket.gethostname()) +AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), + "", 0, "http://%s" % socket.gethostname()) + +IDP = server.Server(args.config, cache=Cache()) +IDP.ticket = {} # ---------------------------------------------------------------------------- if __name__ == '__main__': - import socket - from idp_user import USERS - from idp_user import EXTRA from wsgiref.simple_server import make_server - from mako.lookup import TemplateLookup parser = argparse.ArgumentParser() parser.add_argument('-p', dest='path', help='Path to configuration file.') @@ -937,16 +979,11 @@ if __name__ == '__main__': PORT = 8088 - AUTHN_BROKER = AuthnBroker() - AUTHN_BROKER.add(authn_context_class_ref(PASSWORD), - username_password_authn, 10, - "http://%s" % socket.gethostname()) - AUTHN_BROKER.add(authn_context_class_ref(UNSPECIFIED), - "", 0, "http://%s" % socket.gethostname()) - - IDP = server.Server(args.config, cache=Cache()) - IDP.ticket = {} - SRV = make_server('', PORT, application) print "IdP listening on port: %s" % PORT SRV.serve_forever() +else: + _rot = args.mako_root + LOOKUP = TemplateLookup(directories=[_rot + 'templates', _rot + 'htdocs'], + module_directory=_rot + 'modules', + input_encoding='utf-8', output_encoding='utf-8') diff --git a/example/idp2/static/css/main.css b/example/idp2/static/css/main.css new file mode 100644 index 0000000..9b44f63 --- /dev/null +++ b/example/idp2/static/css/main.css @@ -0,0 +1,2 @@ +/* Sample css file */ + diff --git a/example/idp2/templates/root.mako b/example/idp2/templates/root.mako index 3d6e9a0..c27e954 100644 --- a/example/idp2/templates/root.mako +++ b/example/idp2/templates/root.mako @@ -6,7 +6,7 @@ <% self.seen_css.add(path) %> <%def name="css()" filter="trim"> - ${css_link('/css/main.css', 'screen')} + ${css_link('/static/css/main.css', 'screen')} <%def name="pre()" filter="trim">
diff --git a/example/sp-repoze/sp.py b/example/sp-repoze/sp.py index b0a3c61..40d8858 100755 --- a/example/sp-repoze/sp.py +++ b/example/sp-repoze/sp.py @@ -270,6 +270,9 @@ app_with_auth = make_middleware_with_config(application, {"here": "."}, # ---------------------------------------------------------------------------- PORT = 8087 +# allow uwsgi or gunicorn mount +# by moving some initialization out of __name__ == '__main__' section. +# uwsgi -s 0.0.0.0:8087 --protocol http --callable app_with_auth --module idp if __name__ == '__main__': #make_metadata arguments